Commit Diff
Diff:
bd5f79542cf6491ed9e30bca926286e3b9e2600c
7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
Commit:
7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
Tree:
94066bd47c57b6610ae184e0e6c9b6a32cc440ad
Author:
Omar Polo <op@omarpolo.com>
Date:
Sat Jan 1 17:08:39 2022 UTC
Message:
simplify the proxying code

it doesn't make any sense to keep the proxying info per-location:
there is only one proxy per-vhost. It can't work differently, and it
wouldn't make sense anyway.
commit - bd5f79542cf6491ed9e30bca926286e3b9e2600c
commit + 7bdcc91ec70ddde092ac5d7b4f75d54915e7b221
blob - b86359b6d2484f209e48c7bb38e7ad3dd899e198
blob + a6e0d1bd0b46a24ebaa2337add20711460cee46a
--- gmid.c
+++ gmid.c
@@ -301,12 +301,7 @@ free_config(void)
free((char*)l->index);
free((char*)l->block_fmt);
free((char*)l->dir);
-
- free(l->proxy_host);
- tls_unload_file(l->proxy_cert, l->proxy_cert_len);
- tls_unload_file(l->proxy_key, l->proxy_key_len);
-
if (l->dirfd != -1)
close(l->dirfd);
@@ -343,6 +338,10 @@ free_config(void)
free((char*)h->cgi);
free((char*)h->entrypoint);
+ free(h->proxy.host);
+ tls_unload_file(h->proxy.cert, h->proxy.certlen);
+ tls_unload_file(h->proxy.key, h->proxy.keylen);
+
TAILQ_REMOVE(&hosts, h, vhosts);
free(h);
}
blob - 1c9b061ee751b4d0f1e2b4163c29328a745490b1
blob + 7da15c2fe0a8d64a86e8e331a6807f6a8dea0f29
--- gmid.h
+++ gmid.h
@@ -97,6 +97,15 @@ TAILQ_HEAD(lochead, location);
};
extern struct fcgi fcgi[FCGI_MAX];
+struct proxy {
+ char *host;
+ const char *port;
+ uint8_t *cert;
+ size_t certlen;
+ uint8_t *key;
+ size_t keylen;
+};
+
TAILQ_HEAD(lochead, location);
struct location {
const char *match;
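Review bot: The new `struct proxy` carries no comment on who owns each member, and `port` is the one that is easy to get wrong. In the parse.y action it is set either to a pointer inside the `host` allocation (just past the `:` that was overwritten with NUL) or to the literal `"1965"`, so it must never be freed on its own, which is what `free_config` relies on. I would add above the struct `/* host is heap-allocated and owned by the vhost; port points into host or at a string literal, never free it; cert/key are tls_load_file() buffers, release with tls_unload_file() */`. It is also worth stating there that `key` holds private-key material for the lifetime of the configuration.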
@@ -111,13 +120,6 @@ struct location {
int disable_log;
int fcgi;
- char *proxy_host;
- const char *proxy_port;
- uint8_t *proxy_cert;
- size_t proxy_cert_len;
- uint8_t *proxy_key;
- size_t proxy_key_len;
-
const char *dir;
int dirfd;
@@ -158,6 +160,7 @@ struct vhost {
struct envhead env;
struct envhead params;
struct aliashead aliases;
+ struct proxy proxy;
};
struct etm { /* extension to mime */
@@ -242,7 +245,6 @@ struct client {
struct sockaddr_storage addr;
struct vhost *host; /* host they're talking to */
size_t loc; /* location matched */
- struct location *l;
SPLAY_ENTRY(client) entry;
};
@@ -347,7 +349,6 @@ struct location *vhost_reverse_proxy(struct vhost *, c
const char *vhost_index(struct vhost*, const char*);
int vhost_auto_index(struct vhost*, const char*);
int vhost_block_return(struct vhost*, const char*, int*, const char**);
-struct location *vhost_reverse_proxy(struct vhost *, const char *);
int vhost_fastcgi(struct vhost*, const char*);
int vhost_dirfd(struct vhost*, const char*, size_t*);
int vhost_strip(struct vhost*, const char*);
blob - 154e3a5ba32d9397625ac08f91479e7f8e3f36ad
blob + db1ebb661db97c3967c7356fbf55ed043ef1bc54
--- parse.y
+++ parse.y
@@ -278,9 +278,57 @@ servopt : ALIAS string {
| PARAM string '=' string {
add_param($2, $4, 0);
}
+ | proxy
| locopt
;
+
+proxy : PROXY proxy_opt
+ | PROXY '{' optnl proxy_opts '}'
+ ;
+
+proxy_opts : /* empty */
+ | proxy_opts proxy_opt optnl
+ ;
+
+proxy_opt : CERT string {
+ struct proxy *p = &host->proxy;
+ only_once(p->cert, "proxy cert");
+ ensure_absolute_path($2);
+ p->cert = tls_load_file($2, &p->certlen, NULL);
+ if (p->cert == NULL)
+ yyerror("can't load cert %s", $2);
+ }
+ | KEY string {
+ struct proxy *p = &host->proxy;
+
+ only_once(p->key, "proxy key");
+ ensure_absolute_path($2);
+ p->key = tls_load_file($2, &p->keylen, NULL);
+ if (p->key == NULL)
+ yyerror("can't load key %s", $2);
+ }
+ | RELAY_TO string {
+ char *at;
+ const char *errstr;
+ struct proxy *p = &host->proxy;
+
+ only_once(p->host, "proxy relay-to");
+ p->host = $2;
+
+ if ((at = strchr($2, ':')) != NULL) {
+ *at++ = '\0';
+ p->port = at;
+ } else
+ p->port = "1965";
+
+ strtonum(p->port, 1, UINT16_MAX, &errstr);
+ if (errstr != NULL)
+ yyerror("proxy port is %s: %s", errstr,
+ p->port);
+ }
+ ;
+
locations : /* empty */
| locations location optnl
;
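Review bot: The `RELAY_TO` action splits on the first `:` found by `strchr`, so a value beginning with `:` (for example `:1965`) leaves `p->host` as an empty, non-NULL string with a valid port, and the vhost is then treated as proxied by the `p->host == NULL` test in server.c. An IPv6 literal is likewise cut at its first colon and the remainder is reported as a bad port, which is a confusing error. Rejecting the empty host right after the split, `if (*p->host == '\0') yyerror("proxy relay-to: missing host");`, and documenting that only `host[:port]` is accepted would make the failure happen at config load with a clear message.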
@@ -330,7 +378,6 @@ locopt : AUTO INDEX bool { loc->auto_index = $3 ? 1 :
loc->lang = $2;
}
| LOG bool { loc->disable_log = !$2; }
- | proxy
| REQUIRE CLIENT CA string {
only_once(loc->reqca, "require client ca");
ensure_absolute_path($4);
@@ -345,48 +392,6 @@ proxy : PROXY proxy_opt
| STRIP NUM { loc->strip = check_strip_no($2); }
;
-proxy : PROXY proxy_opt
- | PROXY '{' optnl proxy_opts '}'
- ;
-
-proxy_opts : /* empty */
- | proxy_opts proxy_opt optnl
- ;
-
-proxy_opt : CERT string {
- only_once(loc->proxy_cert, "proxy cert");
- ensure_absolute_path($2);
- loc->proxy_cert = tls_load_file($2, &loc->proxy_cert_len, NULL);
- if (loc->proxy_cert == NULL)
- yyerror("can't load cert %s", $2);
- }
- | KEY string {
- only_once(loc->proxy_key, "proxy key");
- ensure_absolute_path($2);
- loc->proxy_key = tls_load_file($2, &loc->proxy_key_len, NULL);
- if (loc->proxy_key == NULL)
- yyerror("can't load key %s", $2);
- }
- | RELAY_TO string {
- char *at;
- const char *errstr;
-
- only_once(loc->proxy_host, "proxy relay-to");
- loc->proxy_host = $2;
-
- if ((at = strchr($2, ':')) != NULL) {
- *at++ = '\0';
- loc->proxy_port = at;
- } else
- loc->proxy_port = "1965";
-
- strtonum(loc->proxy_port, 1, UINT16_MAX, &errstr);
- if (errstr != NULL)
- yyerror("proxy port is %s: %s", errstr,
- loc->proxy_port);
- }
- ;
-
fastcgi : SPAWN string {
only_oncei(loc->fcgi, "fastcgi");
loc->fcgi = fastcgi_conf(NULL, NULL, $2);
blob - 4c5d475f8a799fdfb2b42f9b47cc347825cb72dd
blob + 99fd84213f8ac958ba1be3c02189ac5a83d5996a
--- proxy.c
+++ proxy.c
@@ -284,6 +284,7 @@ proxy_init(struct client *c)
int
proxy_init(struct client *c)
{
+ struct proxy *p = &c->host->proxy;
struct tls_config *conf = NULL;
c->type = REQUEST_PROXY;
@@ -294,16 +295,14 @@ proxy_init(struct client *c)
/* TODO: tls_config_set_protocols here */
tls_config_insecure_noverifycert(conf);
- if (c->l->proxy_cert != NULL) {
+ if (p->cert != NULL) {
int r;
- r = tls_config_set_cert_mem(conf, c->l->proxy_cert,
- c->l->proxy_cert_len);
+ r = tls_config_set_cert_mem(conf, p->cert, p->certlen);
if (r == -1)
goto err;
- r = tls_config_set_key_mem(conf, c->l->proxy_key,
- c->l->proxy_key_len);
+ r = tls_config_set_key_mem(conf, p->key, p->keylen);
if (r == -1)
goto err;
}
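Review bot: `if (p->cert != NULL)` guards both calls, so a vhost configured with `cert` but no `key` reaches `tls_config_set_key_mem(conf, p->key, p->keylen)` with a NULL key and zero length; nothing in the parse.y actions shown in this commit requires the two options together. I would fail early on the mismatch, either when the configuration is loaded or here with `if ((p->cert == NULL) != (p->key == NULL)) goto err;` before the block, so the problem is not discovered per request. The context line `tls_config_insecure_noverifycert(conf)` also means the client certificate is offered to an upstream whose certificate is not verified; a comment saying whether that is deliberate and what is trusted instead would help the next reader. proxy_init continues outside the hunk.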
blob - 48453c1d9c58a20a12861a40db1f91b9157dc2f5
blob + a0edd85b8b5bdecb779307d2e4aff2b76031cca6
--- server.c
+++ server.c
@@ -207,27 +207,6 @@ struct location *
return loc->block_code != 0;
}
-struct location *
-vhost_reverse_proxy(struct vhost *v, const char *path)
-{
- struct location *loc;
-
- if (v == NULL || path == NULL)
- return NULL;
-
- loc = TAILQ_FIRST(&v->locations);
- while ((loc = TAILQ_NEXT(loc, locations)) != NULL) {
- if (loc->proxy_host != NULL)
- if (matches(loc->match, path))
- return loc;
- }
-
- loc = TAILQ_FIRST(&v->locations);
- if (loc->proxy_host != NULL)
- return loc;
- return NULL;
-}
-
int
vhost_fastcgi(struct vhost *v, const char *path)
{
@@ -630,21 +609,20 @@ apply_reverse_proxy(struct client *c)
static int
apply_reverse_proxy(struct client *c)
{
- struct location *loc;
- struct connreq r;
+ struct proxy *p;
+ struct connreq r;
- if ((loc = vhost_reverse_proxy(c->host, c->iri.path)) == NULL)
+ p = &c->host->proxy;
+ if (p->host == NULL)
return 0;
- c->l = loc;
-
log_debug(c, "opening proxy connection for %s:%s",
- loc->proxy_host, loc->proxy_port);
-
- strlcpy(r.host, loc->proxy_host, sizeof(r.host));
- strlcpy(r.port, loc->proxy_port, sizeof(r.port));
+ p->host, p->port);
+
+ strlcpy(r.host, p->host, sizeof(r.host));
+ strlcpy(r.port, p->port, sizeof(r.port));
- strlcpy(c->domain, loc->proxy_host, sizeof(c->domain));
+ strlcpy(c->domain, p->host, sizeof(c->domain));
imsg_compose(&exibuf, IMSG_CONN_REQ, c->id, 0, -1, &r, sizeof(r));
imsg_flush(&exibuf);
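Review bot: `p = &c->host->proxy;` followed by `p->host` dereferences `c->host` unconditionally, whereas the removed `vhost_reverse_proxy()` returned NULL when its vhost argument was NULL. If `apply_reverse_proxy` can run before a vhost has been matched (not visible from this hunk), that is now a NULL dereference in the request path; `if (c->host == NULL || c->host->proxy.host == NULL) return 0;` keeps the old behaviour. Separately, the three `strlcpy` results are ignored, so a `relay-to` name longer than `r.host` or `c->domain` is truncated silently and the connection request goes out for a different name; comparing each return value with the destination size and failing the request would catch that. The function body ends outside the hunk.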